Pe
Observability Azure

Peekaping on Ubuntu 24.04 on Azure User Guide

| Product: Peekaping on Ubuntu 24.04 LTS on Azure

Overview

Peekaping is an open-source, self-hosted uptime monitoring system built with a Go API and a React web interface. It checks websites, APIs, TCP ports, DNS records, containers and databases on a schedule, records a heartbeat history for every check, calculates uptime statistics, publishes status pages, and raises alerts through notification channels. The cloudimg image runs Peekaping 0.0.46 with a bundled PostgreSQL and Redis under Docker Compose on a single VM, generates a unique administrator password and unique database and cache passwords on the first boot of every VM, and closes self-registration so nobody can claim the administrator account on your instance. Backed by 24/7 cloudimg support.

What is included:

  • Peekaping 0.0.46 (API, web interface, producer, worker and ingester) with every container pinned by image digest rather than a floating tag
  • A bundled PostgreSQL 17 and Redis 7, reachable only inside a private container network and never published to a host port
  • nginx on port 80 as the single public entry point, serving the web interface and proxying the API and the live heartbeat stream
  • A unique administrator password, PostgreSQL password and Redis password generated on first boot, plus fresh session signing keys minted into a brand-new database
  • Self-registration closed on first boot, verified by the image itself
  • docker.service, peekaping.service and nginx.service as systemd units, enabled and active
  • 24/7 cloudimg support

Note on upstream status. The Peekaping project describes itself as beta software under active development. The cloudimg image ships the official upstream 0.0.46 release unmodified and pinned by digest.

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is the recommended starting size. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web interface. No other port needs to be open.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Peekaping by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Then Review + create -> Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name peekaping \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name peekaping --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the stack is running

On first boot the image generates a unique administrator password and unique PostgreSQL and Redis passwords, starts the container stack, registers the administrator account over the loopback interface before the public port is reachable, and then verifies that no further registration is accepted.

systemctl is-active docker.service peekaping-firstboot.service peekaping.service nginx.service

Expected output:

active
active
active
active

Check what is actually listening. Only SSH and the web interface face the network; the API and the web container are bound to the loopback interface, and PostgreSQL and Redis are not published to a host port at all.

ss -tlnH | awk '{print $1, $4}' | sort -u

Expected output:

LISTEN 0.0.0.0:22
LISTEN 0.0.0.0:80
LISTEN 127.0.0.1:8034
LISTEN 127.0.0.1:8081
LISTEN 127.0.0.53%lo:53
LISTEN 127.0.0.54:53
LISTEN [::]:22
LISTEN [::]:80

Peekaping services and listeners on Ubuntu 24.04

Confirm the health endpoint answers, and that an unauthenticated API call is refused:

curl -s -o /dev/null -w 'health: %{http_code}\n' http://127.0.0.1/api/v1/health
curl -s -o /dev/null -w 'unauthenticated /monitors: %{http_code}\n' http://127.0.0.1/api/v1/monitors

Expected output:

health: 200
unauthenticated /monitors: 401

Step 5 - Retrieve your administrator password

Every VM gets its own administrator password. It is written to a root-only file on first boot.

sudo cat /root/peekaping-credentials.txt

The file records the access URL, the administrator email and the per-VM password:

PEEKAPING_URL=http://<vm-public-ip>
PEEKAPING_ADMIN_EMAIL=admin@peekaping.local
PEEKAPING_ADMIN_PASSWORD=<generated-for-your-vm>

Peekaping first boot sentinel and per-VM credentials file

Confirm the file is readable only by root:

stat -c '%A %U:%G %n' /root/peekaping-credentials.txt

Expected output:

-rw------- root:root /root/peekaping-credentials.txt

Step 6 - Review the container stack

The eight containers are pinned by image digest, so a rebuild can never silently pull a different version.

sudo docker compose --env-file /etc/peekaping/peekaping.env -f /etc/peekaping/compose.yaml ps --format 'table {{.Service}}\t{{.Status}}'

Peekaping container stack pinned by digest

The migrate container is a one-shot job that applies the database schema and exits 0; the rest stay running. PostgreSQL and Redis have no host port, so they are reachable only by the other containers over the private Compose network.

Step 7 - Sign in to the web interface

Browse to http://<vm-public-ip>/ and sign in with the email and password from Step 5.

Peekaping sign in page

Self-registration is closed on this instance. Peekaping only accepts a registration while no administrator exists, and the image creates one on first boot before the port is reachable, so the account cannot be claimed by anyone else. You can confirm that from the VM:

curl -s -o /dev/null -w 'register: %{http_code}\n' -X POST http://127.0.0.1/api/v1/auth/register -H 'Content-Type: application/json' -d '{"email":"someone@example.com","password":"Example123!x"}'

Expected output:

register: 400

Step 8 - Create your first monitor

Choose Monitors then Create. Give the monitor a name, pick a type, and enter the target. An HTTP(S) monitor needs only a URL.

Peekaping new monitor form

Peekaping supports many monitor types beyond plain HTTP, including keyword and JSON-query HTTP checks, TCP port, ICMP ping, DNS, push, Docker container, gRPC, SNMP, and direct database checks for MySQL/MariaDB, PostgreSQL, Microsoft SQL Server, MongoDB and Redis, plus MQTT, RabbitMQ and Kafka.

Peekaping monitor types

Save the monitor and Peekaping begins checking on the interval you set. The monitor page shows the current status, a live heartbeat bar, uptime over 24 hours, 7 days, 30 days and a year, and a response-time chart.

Peekaping monitor detail with live heartbeats and uptime statistics

You can also confirm the API is serving authenticated requests from the VM. This signs in with the per-VM credentials and lists your monitors:

TOKEN=$(curl -s -X POST http://127.0.0.1/api/v1/auth/login -H 'Content-Type: application/json' -d "{\"email\":\"<PEEKAPING_ADMIN_EMAIL>\",\"password\":\"<PEEKAPING_ADMIN_PASSWORD>\"}" | jq -r '.data.accessToken // .accessToken'); curl -s -o /dev/null -w 'authenticated /monitors: %{http_code}\n' http://127.0.0.1/api/v1/monitors -H "Authorization: Bearer $TOKEN"

Expected output:

authenticated /monitors: 200

Step 9 - Publish a status page

Choose Status Pages then Create to publish a public page showing the monitors you select, so your users can check service health without access to the dashboard. Add notification channels under Notification Channels to receive alerts when a monitor goes down.

The image ships a complete security round-trip check you can run at any time. It proves the health endpoint is public, that unauthenticated and wrong-password requests are refused, that registration is closed, and that your per-VM credentials authenticate and can perform a real write:

sudo /usr/local/sbin/peekaping-roundtrip.sh

Peekaping security round trip

Step 10 - Secure the deployment

Peekaping is served over plain HTTP on port 80 in this image. Before putting it in front of users:

  • Restrict the network security group so only the addresses that need the dashboard can reach port 80, and keep port 22 limited to your management network.
  • Put your own domain and a TLS certificate in front of the VM, for example with an Azure Application Gateway, Azure Front Door, or by adding a certificate to the nginx configuration at /etc/nginx/sites-available/peekaping.
  • Change the administrator password in the web interface under the account menu, and enable two-factor authentication there.

Maintenance

Restart or stop the whole stack through its systemd unit:

sudo systemctl restart peekaping.service

Check the application logs:

sudo docker compose --env-file /etc/peekaping/peekaping.env -f /etc/peekaping/compose.yaml logs --tail 20 api

Operating system security updates are applied automatically by unattended-upgrades, which is enabled in the image.

systemctl is-enabled unattended-upgrades.service

Expected output:

enabled

The PostgreSQL and Redis data live in the Docker named volumes peekaping_pgdata and peekaping_redis. Back them up with your usual Azure disk snapshot policy, or dump the database directly:

sudo docker compose --env-file /etc/peekaping/peekaping.env -f /etc/peekaping/compose.yaml exec -T postgres pg_dump -U peekaping peekaping > /tmp/peekaping-backup.sql

Support

Email support@cloudimg.co.uk for help with this image. Peekaping itself is developed by the upstream project and documented at docs.peekaping.com. cloudimg is not affiliated with, endorsed by, or sponsored by Peekaping; the Peekaping name is used to identify the open-source software shipped in this image.